quark-noroot-20191003-3c7049e.diff (5193B) | |
--- | |
1 From d91f68b56a4fd673786e9e4df0088642f3b186ff Mon Sep 17 00:00:00 2001 | |
2 From: codesoap <[email protected]> | |
3 Date: Thu, 3 Oct 2019 17:00:49 +0200 | |
4 Subject: [PATCH] patch: noroot | |
5 | |
6 Don't require or allow root to run quark. | |
7 --- | |
8 main.c | 50 ++------------------------------------------------ | |
9 quark.1 | 13 +------------ | |
10 sock.c | 7 +------ | |
11 sock.h | 2 +- | |
12 4 files changed, 5 insertions(+), 67 deletions(-) | |
13 | |
14 diff --git a/main.c b/main.c | |
15 index c1ff489..583e343 100644 | |
16 --- a/main.c | |
17 +++ b/main.c | |
18 @@ -1,9 +1,7 @@ | |
19 /* See LICENSE file for copyright and license details. */ | |
20 #include <errno.h> | |
21 -#include <grp.h> | |
22 #include <limits.h> | |
23 #include <netinet/in.h> | |
24 -#include <pwd.h> | |
25 #include <regex.h> | |
26 #include <signal.h> | |
27 #include <sys/resource.h> | |
28 @@ -163,7 +161,7 @@ err: | |
29 static void | |
30 usage(void) | |
31 { | |
32 - const char *opts = "[-u user] [-g group] [-n num] [-d dir] [-l]… | |
33 + const char *opts = "[-n num] [-d dir] [-l] " | |
34 "[-i file] [-v vhost] ... [-m map] ..."; | |
35 | |
36 die("usage: %s -h host -p port %s\n" | |
37 @@ -174,8 +172,6 @@ usage(void) | |
38 int | |
39 main(int argc, char *argv[]) | |
40 { | |
41 - struct group *grp = NULL; | |
42 - struct passwd *pwd = NULL; | |
43 struct rlimit rlim; | |
44 struct sockaddr_storage in_sa; | |
45 pid_t cpid, wpid, spid; | |
46 @@ -188,8 +184,6 @@ main(int argc, char *argv[]) | |
47 /* defaults */ | |
48 int maxnprocs = 512; | |
49 char *servedir = "."; | |
50 - char *user = "nobody"; | |
51 - char *group = "nogroup"; | |
52 | |
53 s.host = s.port = NULL; | |
54 s.vhost = NULL; | |
55 @@ -202,9 +196,6 @@ main(int argc, char *argv[]) | |
56 case 'd': | |
57 servedir = EARGF(usage()); | |
58 break; | |
59 - case 'g': | |
60 - group = EARGF(usage()); | |
61 - break; | |
62 case 'h': | |
63 s.host = EARGF(usage()); | |
64 break; | |
65 @@ -241,9 +232,6 @@ main(int argc, char *argv[]) | |
66 case 'U': | |
67 udsname = EARGF(usage()); | |
68 break; | |
69 - case 'u': | |
70 - user = EARGF(usage()); | |
71 - break; | |
72 case 'v': | |
73 if (spacetok(EARGF(usage()), tok, 4) || !tok[0] || !tok… | |
74 !tok[2]) { | |
75 @@ -291,25 +279,13 @@ main(int argc, char *argv[]) | |
76 die("setrlimit RLIMIT_NPROC:"); | |
77 } | |
78 | |
79 - /* validate user and group */ | |
80 - errno = 0; | |
81 - if (user && !(pwd = getpwnam(user))) { | |
82 - die("getpwnam '%s': %s", user, errno ? strerror(errno) : | |
83 - "Entry not found"); | |
84 - } | |
85 - errno = 0; | |
86 - if (group && !(grp = getgrnam(group))) { | |
87 - die("getgrnam '%s': %s", group, errno ? strerror(errno)… | |
88 - "Entry not found"); | |
89 - } | |
90 - | |
91 /* Open a new process group */ | |
92 setpgid(0,0); | |
93 | |
94 handlesignals(sigcleanup); | |
95 | |
96 /* bind socket */ | |
97 - insock = udsname ? sock_get_uds(udsname, pwd->pw_uid, grp->gr_g… | |
98 + insock = udsname ? sock_get_uds(udsname) : | |
99 sock_get_ips(s.host, s.port); | |
100 | |
101 switch (cpid = fork()) { | |
102 @@ -329,24 +305,9 @@ main(int argc, char *argv[]) | |
103 eunveil(servedir, "r"); | |
104 eunveil(NULL, NULL); | |
105 | |
106 - /* chroot */ | |
107 if (chdir(servedir) < 0) { | |
108 die("chdir '%s':", servedir); | |
109 } | |
110 - if (chroot(".") < 0) { | |
111 - die("chroot .:"); | |
112 - } | |
113 - | |
114 - /* drop root */ | |
115 - if (grp && setgroups(1, &(grp->gr_gid)) < 0) { | |
116 - die("setgroups:"); | |
117 - } | |
118 - if (grp && setgid(grp->gr_gid) < 0) { | |
119 - die("setgid:"); | |
120 - } | |
121 - if (pwd && setuid(pwd->pw_uid) < 0) { | |
122 - die("setuid:"); | |
123 - } | |
124 | |
125 if (udsname) { | |
126 epledge("stdio rpath proc unix", NULL); | |
127 @@ -354,13 +315,6 @@ main(int argc, char *argv[]) | |
128 epledge("stdio rpath proc inet", NULL); | |
129 } | |
130 | |
131 - if (getuid() == 0) { | |
132 - die("Won't run as root user", argv0); | |
133 - } | |
134 - if (getgid() == 0) { | |
135 - die("Won't run as root group", argv0); | |
136 - } | |
137 - | |
138 /* accept incoming connections */ | |
139 while (1) { | |
140 in_sa_len = sizeof(in_sa); | |
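Review bot: With the `getuid() == 0` and `getgid() == 0` checks removed at the end of the last main.c hunk, nothing in the visible new code refuses to start as root, although the commit message says root is not allowed. The same patch also drops `chroot(".")` and the setgroups/setgid/setuid sequence, so a quark started as root would serve `servedir` with full privileges and no filesystem confinement wherever `eunveil`/`epledge` do nothing (presumably any non-OpenBSD build; their definitions are not shown). I would keep the refusal and move it to the top of main(), before the socket is bound: `if (getuid() == 0 || geteuid() == 0) die("Won't run as root user");`, with a matching test on `getgid()`/`getegid()`. main() starts and ends outside these hunks.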
141 diff --git a/quark.1 b/quark.1 | |
142 index ce315b5..e45140c 100644 | |
143 --- a/quark.1 | |
144 +++ b/quark.1 | |
145 @@ -35,13 +35,8 @@ is a simple HTTP GET/HEAD-only web server for static … | |
146 .It Fl d Ar dir | |
147 Serve | |
148 .Ar dir | |
149 -after chrooting into it. | |
150 +after changing into it. | |
151 The default is ".". | |
152 -.It Fl g Ar group | |
153 -Set group ID when dropping privileges, and in socket mode the group of … | |
154 -socket file, to the ID of | |
155 -.Ar group . | |
156 -The default is "nogroup". | |
157 .It Fl h Ar host | |
158 Use | |
159 .Ar host | |
160 @@ -86,12 +81,6 @@ redirects on non-standard ports. | |
161 Create the UNIX-domain socket | |
162 .Ar file , | |
163 listen on it for incoming connections and remove it on exit. | |
164 -.It Fl u Ar user | |
165 -Set user ID when dropping privileges, | |
166 -and in socket mode the user of the socket file, | |
167 -to the ID of | |
168 -.Ar user . | |
169 -The default is "nobody". | |
170 .It Fl v Ar vhost | |
171 Add the virtual host specified by | |
172 .Ar vhost , | |
173 diff --git a/sock.c b/sock.c | |
174 index 7000738..31960c5 100644 | |
175 --- a/sock.c | |
176 +++ b/sock.c | |
177 @@ -68,7 +68,7 @@ sock_rem_uds(const char *udsname) | |
178 } | |
179 | |
180 int | |
181 -sock_get_uds(const char *udsname, uid_t uid, gid_t gid) | |
182 +sock_get_uds(const char *udsname) | |
183 { | |
184 struct sockaddr_un addr = { | |
185 .sun_family = AF_UNIX, | |
186 @@ -99,11 +99,6 @@ sock_get_uds(const char *udsname, uid_t uid, gid_t gi… | |
187 die("chmod:"); | |
188 } | |
189 | |
190 - if (chown(udsname, uid, gid) < 0) { | |
191 - sock_rem_uds(udsname); | |
192 - die("chown:"); | |
193 - } | |
194 - | |
195 return insock; | |
196 } | |
197 | |
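Review bot: After the `chown` block is removed from `sock_get_uds`, the socket file stays owned by the uid and gid of the invoking process, and the only access control left on it is the `chmod` call just above, whose mode is not visible in this hunk. That is worth stating where it happens, because a front-end proxy running as a different user can then connect only if that mode or the parent directory's permissions allow it, and an operator might widen the mode to make it work. I would add a comment above the `chmod` such as `/* socket keeps the caller's uid/gid; the mode below is the only access control */` and mention the ownership in the `-U` entry of quark.1. The function's body begins outside the second hunk.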
198 diff --git a/sock.h b/sock.h | |
199 index a39aec9..4f790f6 100644 | |
200 --- a/sock.h | |
201 +++ b/sock.h | |
202 @@ -8,7 +8,7 @@ | |
203 | |
204 int sock_get_ips(const char *, const char *); | |
205 void sock_rem_uds(const char *); | |
206 -int sock_get_uds(const char *, uid_t, gid_t); | |
207 +int sock_get_uds(const char *); | |
208 int sock_set_timeout(int, int); | |
209 int sock_get_inaddr_str(struct sockaddr_storage *, char *, size_t); | |
210 | |
211 -- | |
212 2.21.0 | |
213 |